Recap: the European Union legislative process

The European Commission (the Commission), has the right of initiative to propose laws for adoption by the European Parliament and the Council of the European Union (
) representing
Member States (national ministers)1. The vast majority of European laws are adopted jointly by the European Parliament and the Council of the
under the so-called ordinary legislative procedure. This legislative procedure gives the same weight to the European Parliament and the Council of the
in a wide range of areas (see the link to the European Parliament Website, entitled ‘Legislative Powers’, below).

Revision of the Payment Services Directive

Directives lay down certain end results that must be achieved in every
Member State (see the link to the European Commission Website ‘Application of
Law/Directives’ below). The Payment Services Directive (PSD) was implemented in most
Member States by 1 November 2009. Article 87 of the PSD requires the Commission to present a report on the implementation and impact of the PSD together with proposals for its revision by 1 November 2012. On 24 July 2013 the Commission published a ‘payments legislative package’ (see ‘related links’ below), which includes the proposals for a revised PSD (
) and a new Regulation on interchange fees for card-based payment transactions. The proposal for the
and the Regulation on interchange fees for card-based payment transactions, respectively, will have to be adopted by the
legislator, i.e. the European Parliament and the Council of the
. The Commission counts on the European Parliament and the Council of the
to reach an agreement on the Commission’s ‘payments legislative package’ published in July 2013 “by Spring 2014.”2

This timeline seems ambitious but it is assumed that this tight planning reflects the Commission’s desire to have the ‘payments legislative package’ adopted by the
legislator prior to the European Parliament elections in 2014.

This article focuses on the proposed
.

enters the
decision-making process

Since the publication of the Commission proposal for
in late July 2013, the European decision-making process has kicked off in earnest. The European Parliament’s Economic and Monetary Affairs Committee (ECON) has focused on a tight timetable with the objective of adopting a position in February 2014. The ECON’s rapporteur of the
, Member of the European Parliament (MEP) Diogo Feio, issued a draft report on
in November 2013 and set a deadline for amendments by ECON members of early January 2014. In parallel, the
Council, representing
Member States, is currently focussing its attention on other key pieces of legislation (such as recovery and resolution, and banking union), which are on the table. The
Presidency under the leadership of Greece is planning to begin its work on
only in the second quarter of 2014.

However, we should also not forget that
is not a standalone legislation. Instead, it is part of the Commission’s ‘payments legislative package’, which also includes the Commission proposal for a Regulation on interchange fees for card-based payment transactions (commonly referenced as the multilateral interchange fee (MIF) Regulation). The objective is therefore that
and the MIF Regulation are decided together. After all, a number of provisions cross-reference between these two texts, which also means that one cannot be decided in the absence of the other. Other cross-references in
include the
Data Protection legislation, which is currently under review, and the proposed Network and Information Security (NIS) Directive3.

There are other challenges impacting the timing for the
adoption. The European Parliament is going to be reconstituted after the elections taking place at the end of May 2014. This means that any decision-making that has not been agreed by May 2014 is likely to move to the new European Parliament and hence to the second half of the year. In parallel, the Commission will also change and new European Commissioners will be voted by the European Parliament in October and enter into office on 1 November 2014. All of this means of course that there is currently no certainty on whether there will be a speedy adoption of the ‘payments legislative package’ or whether more time will be allocated to properly amend and decide on these important payments legislative changes. With the amount of technical issues in
, expert guidance will be very important in any case, in order to ensure that
will not bring more problems for the European payments market but will rather solve some of the existing issues.

Key points in
and the perspectives of the ECON draft report

The European Banking Federation’s Payments Regulatory Expert Group (PREG) welcomes important improvements to the
text introduced with the ECON draft report. However, it also identified a number of areas of concern and need for further clarification in relation to some of the key provisions of
and the amendments proposed in the ECON draft report.

Third party payment service providers

One of the central themes of
is the introduction and regulation of third party payment service providers (
). These types of providers, which have already offered services to consumers for some time without being regulated, (apart from some specific exemptions), are defined and regulated by
. This is a positive step as this will help to ensure greater security and confidence for consumers.

When analysing
,
are to be authorised as payment institutions (Article 10) unless eligible for a waiver under Article 27. With regard to
and their relationship to account servicing payment service providers (AS
), specific provisions are defined. However for the remainder of the text – in particular in Title III and IV, which define the conduct of business requirements –
refers to the generic term of
. In those cases it is not clear whether all requirements apply to
in the same way as to other
, such as payment institutions and banks. For example, Articles 60(1), 61(1)(b), 62(1)(c), 62(2), and Article 69(1), which currently refer to a ‘payment service provider’ should refer to ‘account servicing payment service providers’. It is recommended that a consistency check is applied and for
to be reviewed in that regard to ensure that the appropriate Articles apply to the relevant type of
. This has however not yet been considered by the draft ECON report and hence remains a suggestion to be included.

Another area that still lacks clarity relates to the different types of
and their activities. First we have the
that offers payment initiation services (a
) and second we have the
that offers account information services (an
).

The
, as described in
, should only be able to: (i) check for the availability of sufficient funds, (ii) request/initiate a payment and (iii) receive confirmation that the payment has been made. (For the purpose of clarity one should realise that only the AS
can execute the payment.)

The
, on the other hand, would require access to more account information than for payment initiation services, in order to perform account information aggregation, but this information would be accessible on a ‘view only’ basis.

The following analogy illustrates the difference between payment initiation services and account information services: whilst the owner of a house (this is the customer with the bank account) has all the keys required to enter every room in his house and he can obviously do inside these rooms whatever he pleases, a
will only be given the key to access the kitchen where he is allowed to cook (nothing else). On the other hand, the
will receive all keys of the house but is not allowed to do anything in any of the rooms apart from inspect them. This means an
can see everything in the house and present information on what he has seen, but is not authorised to perform any actions in the house. (The
must not act on the customer’s account, e.g. the
cannot initiate a payment.)

It will be important to clarify in
that a
is not able to offer both payment initiation services and account information services, in order to prevent the situation that the
can see everything on a customer’s account and also act, i.e. create payment orders. Both the definitions in, and the Annex to, the
would need to reflect a clear separation of services in that regard.

Amendment 30 included with the draft ECON Report provides improved clarity around the precise scope of payment initiation services, whilst amendment 31 aims to provide more clarity with regard to account information services. However, there is still some room for improvement with regard to account information services, which obviously do not offer any payment service, but only information services. Hence the word ‘payment’ should be removed from the definition of account information services. In addition, any Article that relates to payment transactions, (e.g. Articles 63, 64 and 69), should not apply to all types of
but only to
.

With regard to other definitions, it is surprising that the Commission’s
proposal does not define the ‘third party payment instrument issuer’, but uses this terminology extensively in Article 59. The ECON draft report attempts to remedy this gap. However, the current amendment only refers back to the list of services in the Annex. This unfortunately does not provide sufficient detail on the role and activities of a third party payment instrument issuer. This will need to be looked at in more detail before adopting the ECON
position.

Authentication

A key question in
centres on the authentication of the bank customer. When a
is used, it has to be clear that for authentication purposes the payment service user’s (
’s) personalised security credentials are not re-used by the
. This would not fit with the Commission’s intentions to limit what information or action can be carried out through payment initiation services or account information services. It would also not be conducive to ensuring the security and integrity of payment services.
will therefore require their own, distinct security credentials in order to authenticate themselves unambiguously to the AS
. The ECON draft report suggests exactly that, by amending Article 4(21) to establish the principle to distinguish between authenticating the
and the
. However, the term ‘personalised security features’ also needs to be defined, so that the potential re-use of customer credentials is clearly prohibited.

To ensure maximum
security, Article 58(2), to which the ECON draft report makes a number of amendments, as well as Article 61(2), should also remove any references to the use of
’s ‘personalised security features’ by the
. A further point of clarification along the same lines should be considered for Article 87(1). The ECON draft report still does not change the Commission’s wording, suggesting that
can re-use the customer’s personalised security credentials. Again, the text should clearly reflect that this is prohibited. Also, logically the authentication of the
should happen before any services are provided to the
. Hence Article 87(2) should be amended to that effect. These modifications would need to be introduced into the European Parliament’s position on
(which will be reflected with the final ECON report).

The Single European Interface

A new suggestion in the ECON draft report (amendment 115, Article 94 (b new)) is the creation of a Single European Interface, which would be a key tool in achieving maximum security for all
, also with regard to
accessing the accounts of
. In addition, ECON Rapporteur Feio suggests creating a multi-stakeholder panel, under the leadership of the European Banking Authority (
), to develop the details of how the interaction between the
and the AS
should work in practice. This is a positive proposal as it will be essential to develop a common approach to avoid unnecessary costs and an inefficient outcome. However, it is currently far from clear as to what shape such an interface would take in practice. Endorsing such an idea without any clarity around the content or execution path is certainly risky and may not be technologically neutral enough in order to be future proof. Legislation should be more principle-based than specific and any such ideas should therefore be left to possible technical rules that the
could develop in the future.

Instead of giving this role to
, the Euro Retail Payments Board (
), a newly established multi-stakeholder body chaired by the European Central Bank4, would be better placed to work on this interface together with all stakeholders represented on the
.

One-leg-out transactions

Another key area of change under
is the extension of provisions to one-leg-out transactions, i.e. transactions where one of the
is located outside the
/ European Economic Area (
). The Commission’s text proposes to apply, in addition to the value dating Article 78, all of Title III to one-leg-out transactions, (see PSD II proposal Article 2(1)). Title III covers information requirements to
. A number of
Member States had already required their
to apply Articles of Title III to one-leg-out transactions, which makes this scope extension consistent with the market reality.

The ECON draft report however expands this concept by proposing to apply all of Title IV, (except for Articles 72 and 74(1)), to one-leg-out transactions, (amendment 23, Article 2(1)). Upon close examination there are unfortunately a number of provisions that would pose a practical challenge if applied to one-leg-out transactions. Here are some examples:

The Share-Charging-Principle (Article 55(2)), which requires the payee and the payer to pay the charges levied by their respective
, is clearly difficult to apply in case of one-leg-out transactions given that the full amount must travel end-to-end and charges may not be known for transactions that are received from outside of the
Single Market.

Another example would be the ‘Notification of unauthorised or incorrectly executed payment transactions’ (Article 63), where a period of 13 months is given in which a
can obtain rectification from his
if the
notifies his
of any unauthorised or incorrectly executed payment transactions. This period of 13 months does not necessarily apply in all markets outside the
/
. In some countries the record keeping timeframes can be as short as six months, which would mean that if a claim was made after this time, the merchant may no longer be in possession of the necessary records.

Similarly, the receipt of payment orders under Article 69 cannot be guaranteed by a
located in the
/
, when it is on the receiving side.

Other problematic articles in relation to one-leg-out transactions include the following
Articles: 73, 74, 75, 76, 77, 80, 81, 82 and 91. It would be strongly recommended to review the feasibility of applying that many Articles of Title IV to one-leg-out transactions, given the practical and legal limitations highlighted above.

The Share-Charging-Principle

PSD1 had introduced the principle that every
pays the charges levied by their respective
, whilst the full amount of the payment transaction had to arrive at the beneficiary
. However, the PSD1 included some confusing wording which suggested that this principle would only apply in the absence of a currency conversion. Given the fact that currency conversions are, in any case, separate to the payment transaction and hence should have no bearing on the charging principle, it should therefore be clarified in
that the Share-Charging-Principle applies at all times to
transactions that have both legs of the transaction within the
/
.

Hence the reference to currency conversion should be removed from Article 55(2). This opportunity has not been taken in the draft ECON report, but should be considered as part of the final ECON position.

Direct debit refund right

proposes a reformulation of the refund right with the aim of clarifying that an unconditional refund right should apply to direct debits, in line with the
Direct Debit Core Rulebook developed by the European Payments Council (
). However, the wording proposed by the Commission could have the unintended consequence of mixing the responsibility for the technical payment execution, which lies with the
, with the commercial agreement that exists between payer and payee. Unfortunately, the ECON draft report does not suggest any proposals to modify the Commission’s original text.

In order to ensure that an unconditional refund right can be applied, whilst at the same time offering the opportunity for a payer and payee to agree on a no-refund option as part of the direct debit mandate, (for example in case of amounts that are pre-defined), the
proposes that this Article could read as follows: “For direct debits the payer has an unconditional right for refund within the time limits set in Article 68. The payer and the payer’s payment service provider may agree on an exclusion of the refund right provided that the absence of the refund right is clearly mentioned in a specific mandate under a payment scheme which does not provide for the right to a refund.” To the benefit of rendering this provision both practicable and consumer protective, this wording should be adopted for
.

(For details on the
position on
, refer to the article entitled ‘
:
Key Considerations Address Aspects Related to Third Party Payment Service Providers and Article 67 (Refund Rights for Direct Debits)’ included with the ‘related articles in this issue’ below.)

International Bank Account Numbers on debit cards

The ECON draft report also introduces a new provision (Recital 19 (a new) and Article 53a (new)), the so-called International Bank Account Number (IBAN) readability. This new provision suggested with the ECON draft report states that issuers of debit cards or mobile/online applications that are based on debit card functionality should ensure that the IBAN of the underlying customer account is visible and can be electronically read by merchants. It is not clear what this amendment is trying to achieve. The cost benefit of re-issuing new debit cards with the IBAN printed on the card, outside the normal card replacement cycle, would certainly be disproportionate and economically absurd and should therefore be avoided.

Non-execution, defective or late execution

Article 80 of
, which defines liabilities of
in case of non-execution, defective or late execution is a very important provision. However, the Commission’s proposal does not provide an easily understandable set of requirements. In fact, there are passages where the liabilities are clearly allocated to the wrong party. For example at the end of paragraph 2 of Article 80(1) the Commission suggests making the payer’s
liable to the payee, whilst in fact the payer’s
should always be liable to the payer, as this is his customer. Other areas of this Article would need similar clarifications and modifications. As a general observation, Article 80 is highly complex and difficult to follow. It will need further analysis once the implications of AS
interacting with
are more clearly understood and defined.

Sufficient time for review of this important legislative proposal should be allocated to ensure the best possible outcome

With a significant number of
aspects still requiring further review and improvement, it is unclear at this stage in the process whether this can be accomplished within the timelines envisaged by the Commission, i.e. a final co-decision between the European Parliament, the
Council representing
Member States and the Commission on
can be reached before Summer 2014. It also has to be taken into consideration that, in parallel, formal adoption of the
by the
legislator depends on the adoption of the MIF Regulation and other ancillary legislative texts such as the NIS Directive and updated
data protection rules5.

This author suggests allocating more time to decide this important regulatory piece to ensure the best possible outcome.

Ruth Wandhöfer chairs the European Banking Federation’s Payments Regulatory Expert Group (PREG). She also chairs the
Information Security Support Group.

Your reactions

If you would like to comment on this article, please identify yourself with your first and last name. Your name will appear next to your comment. Email addresses will not be published. Please note that by accessing or contributing to the discussion you agree to abide by the EPC website conditions of use.

In this article

In July 2013, the European Commission (the Commission) published its proposal for the second version of the Payment Services Directive (
). The Commission counts on the European Union (
) legislative bodies, i.e. the European Parliament and the Council of the
representing
Member States, to reach agreement on its proposal before the summer of 2014. The
decision making has quickly gained pace with the European Parliament Economic and Monetary Affairs Committee (ECON) due to agree its position on the
text in February 2014. Some proposed changes to the text included with the related ECON draft report published in November 2013 appear to be key improvements. However, other draft amendments to the text considered by the ECON are less clear cut and in some areas the possibility for improving the
proposal has not yet been embraced. In this article, Ruth Wandhöfer, Chair of the European Banking Federation’s Payments Regulatory Expert Group (PREG), re-examines some of the key
provisions in light of the ECON draft report. Against the backdrop of the overall
decision-making timetable, which could be seen to be ambitious, it is unclear whether some of the complex stumbling blocks in
can be properly resolved in time. The risk of agreeing headline requirements in the Directive without having a plan around executing compliance is high. This author suggests some potential solutions to key issues identified with
and hopes more time will be allocated to confirm the details of this important regulatory piece.

The views expressed in this article are solely those of the author and should not be attributed to the European Payments Council.

Key Information in this Article

The proposal for a revised Payment Services Directive (
) published by the European Commission (the Commission) in July 2013 is currently being reviewed by both European Union (
) legislative bodies, i.e. the European Parliament and the Council of the
representing
Member States.

Member of the European Parliament (MEP) Diogo Feio is the Rapporteur of the European Parliament’s Economic and Monetary Affairs Committee (ECON) for
. In November 2013, MEP Feio issued the ECON draft report including suggested amendments of the Commission’s proposed text for the
.

This article reflects the analysis of the European Banking Federation’s Payments Regulatory Expert Group (PREG) of the ECON draft report on
.

The PREG welcomes important improvements to the
text introduced with the ECON draft report. However, it also identified a number of areas of concern and need for further clarification in relation to, inter alia:

Third party payment service providers.

Authentication.

The concept of a ‘Single European Interface’ introduced with the ECON draft report.

One-leg-out transactions.

The Share-Charging-Principle.

Direct debit refund right.

International Bank Account Numbers on debit cards.

Non-execution, defective or late execution.

This article details the PREG proposals for further revision of the
text with regard to these aspects.

The ECON will submit its report on
for vote by the European Parliament. In parallel, the Council of the
representing
Member States is reviewing the text for the
introduced by the Commission. In a next step of the co-legislative process, the European Parliament and the Council of the
, together with the European Commission, will have to agree on the final version of the
text.

Sources providing detailed information on the
legislative process and the ECON draft report on
are included in the ‘related links’ at the end of this article.

Jargon buster:

ECON – European Parliament Economic and Monetary Affairs Committee.

– payment service provider.

– payment service user.

AS
– account servicing payment service provider.

– third party payment service provider – also referred to in other documents as TPPSP.

– third party payment service provider that offers payment initiation services.

– third party payment service provider that offers account information services.

Alain Hiltgen

EPC Office Holder / Payment Security Support Group Chair

Payment Security Support Group Chair
Head of Business Security Advice, Executive Director, UBS AG